Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-29 | CVE-2021-40175 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. | 9.8 |
| 2021-08-29 | CVE-2021-40176 | Cross-site Scripting vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5225 allows stored XSS. | 6.1 |
| 2021-08-29 | CVE-2021-40177 | Unspecified vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. | 9.8 |
| 2021-08-29 | CVE-2021-40178 | Cross-site Scripting vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. | 6.1 |
| 2021-08-09 | CVE-2021-33256 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1 A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. | 8.8 |
| 2021-07-31 | CVE-2021-33617 | Unspecified vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. | 5.3 |
| 2021-07-19 | CVE-2021-20108 | Memory Leak vulnerability in Zohocorp Manageengine Assetexplorer 1.0.34 Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. | 7.5 |
| 2021-07-19 | CVE-2021-20109 | Out-of-bounds Write vulnerability in Zohocorp Manageengine Assetexplorer 1.0.34 Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. | 7.5 |
| 2021-07-19 | CVE-2021-20110 | Integer Overflow or Wraparound vulnerability in Zohocorp Manageengine Assetexplorer 1.0.34 Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. | 9.8 |
| 2021-07-17 | CVE-2021-33911 | Unspecified vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows remote code execution. | 9.8 |